Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Advertisements

g2i2r4

Posted 23 June 2005 - 06:04 AM

Please disable SpybotSD’s protection, as it may hinder the removal of the infection. You can enable it after you're clean.

Open Spybot and click on Mode and check Advanced ModeCheck yes to next window.Click on Tools in bottom left hand corner.Click on System Startup icon.Uncheck Teatimer box and/or Uncheck Resident.Click Allow Change box.

***

First, download and install CleanUp! but do not run it yet.*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Launch ewido, there should be a big E icon on your desktop, double-click it.

The program will prompt you to update click the OK button

The program will now go to the main screen

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update

Click on Start

The update will start and a progress bar will show the updates being installed.After the updates are installed, exit Ewido

***

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

***

Once in Safe Mode, Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:*Click "Options..."*Move the arrow down to "Custom CleanUp!"*Put a check next to the following:

Empty Recycle Bins

Delete Cookies

Delete Prefetch files

Scan local drives for temporary files

Cleanup! All Users

Click OKPress the CleanUp! button to start the program.Close Cleanup and reboot back to save mode.

***

Run Ewido.

Click on scanner

Make sure the following boxes are checked before scanning:

Binder

Crypter

Archives

Click on Start Scan

Let the program scan the machine

While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report

Save the report to your desktop

Exit Ewido

Reboot into normal mode.

***

Go to Start > Control Panel > Add or Remove Programs and remove the following:

*Memory*Startup Folders*Drive - All Local Drives*Folder - then click "browse" to change the directory to C: (default is C:\Windows)*Registry*System Folders*Services*Include Sub-Directory*Scan All Files

Please make sure ALL of these are checked, then press the scan button. This will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run.

Highlight the portion of the scan that lists infected items and hold CTRL + C to Copy then paste it here. The whole log with be extremely big so there is no way to copy the whole thing. I just need the infected items list.

***

Post the report from Ewido and MWAW and a new HiJackThis log into this topic.

g2i2r4

Posted 23 June 2005 - 01:01 PM

yogabill

Posted 23 June 2005 - 02:58 PM

yogabill

New Member

Topic Starter

Member

4 posts

The cut and paste did not take and I had already shut down the scan program. There were 6 items found. 4 were deleted and 2 no action was taken. Is there a way to call up that scan list. I can get the log but can't find where the viruses are in that log.

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.